Apple Just Doesn’t Get It | Apple and Security


Apple doesn’t believe in Security?

As I said nearly two months ago, in my blog post here, "I am concerned about the attitude by Apple which suggests complete laxity, and indeed, abhorrence, of the concept of Information security." I also pointed out that, having hit the milestone of 40 million iPhones, Apple is now positioned to become a major, sexy target for computer hackers and malefactors.

As I feared when I asked:

"Oh, what happens if (or when) a Cracker finds that code or connects remotely to your cell/wifi enabled phone and does the trick for you?"

Less than a month later, code was revealed that is sent to the phone by SMS and lets attackers run software on it, allowing them to monitor the location of the phone using GPS, turn on the phone’s microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet. Sigh.

And, of course, when you combine the above with the statement I made about "Steal a Phone, get a CAR!", just imagine what can happen now…

So, Apple, it is nice that you put an encryption chip in the phone. But without proper testing and validation, what you get is this (from The Register):

"A researcher has delved into the encryption used to protect content on the iPhone 3GS, only to claim it is 'entirely useless' and that he had '[never] seen encryption implemented so poorly before'."

It is nice that you, Apple, spend time making sure that iTunes does not get "mis-used" by such "evil" devices as the Palm Pre. But you are not going to be taken seriously by Corporate America until you show more attention to Risk and Security. Now that over 40 million devices are out there, you really should.

Better yet.  Contact me.  I will fix it for you.